Lines Matching full:state
36 // Definition of state data structures.
43 /// State of the stream error flags.
46 /// This is an optimization to avoid state splits.
50 /// The stream can be in state where none of the error flags set.
52 /// The stream can be in state where the EOF indicator is set.
54 /// The stream can be in state where the error indicator is set.
97 /// Full state information about a stream pointer.
103 /// State of a stream symbol.
108 } State;
111 switch (State) {
122 /// State of the error flags.
123 /// Ignored in non-opened stream state but must be NoError.
133 /// An EOF+indeterminate state is the same as EOF state.
138 : LastOperation(L), State(S), ErrorState(ES),
142 assert((State == Opened || ErrorState.isNoError()) &&
143 "ErrorState should be None in non-opened stream state.");
146 bool isOpened() const { return State == Opened; }
147 bool isClosed() const { return State == Closed; }
148 bool isOpenFailed() const { return State == OpenFailed; }
151 // In not opened state error state should always NoError, so comparison
153 return LastOperation == X.LastOperation && State == X.State &&
175 ID.AddInteger(State);
183 // This map holds the state of a stream.
236 ProgramStateRef bindAndAssumeTrue(ProgramStateRef State, CheckerContext &C,
239 State = State->BindExpr(CE, C.getLocationContext(), RetVal);
240 State = State->assume(RetVal, true);
241 assert(State && "Assumption on new value should not fail.");
242 return State;
245 ProgramStateRef bindInt(uint64_t Value, ProgramStateRef State,
247 State = State->BindExpr(CE, C.getLocationContext(),
249 return State;
263 BugType BT_IndeterminatePosition{this, "Invalid stream state",
275 ProgramStateRef checkPointerEscape(ProgramStateRef State,
291 ProgramStateRef assumeNoAliasingWithStdStreams(ProgramStateRef State,
549 /// Otherwise the return value is a new state where the stream is constrained
553 ProgramStateRef State) const;
555 /// Check that the stream is the opened state.
557 /// and nullptr returned, otherwise the original state is returned.
559 ProgramStateRef State) const;
564 /// The returned state can be nullptr if a fatal error was generated.
565 /// It can return non-null state if the stream has not an invalid position or
569 ProgramStateRef State) const;
573 /// Otherwise returns the state.
574 /// (State is not changed here because the "whence" value is already known.)
576 ProgramStateRef State) const;
578 /// Generate warning about stream in EOF state.
579 /// There will be always a state transition into the passed State,
583 ProgramStateRef State) const;
656 ProgramStateRef State) {
660 SS = State->get<StreamMap>(StreamSym);
679 ProgramStateRef setStreamState(ProgramStateRef State,
682 return State->set<StreamMap>(StreamSym, NewSS);
685 ProgramStateRef makeAndBindRetVal(ProgramStateRef State, CheckerContext &C) {
687 return State->BindExpr(CE, C.getLocationContext(), RetVal);
690 ProgramStateRef bindReturnValue(ProgramStateRef State, CheckerContext &C,
692 return State->BindExpr(CE, C.getLocationContext(),
696 ProgramStateRef bindReturnValue(ProgramStateRef State, CheckerContext &C,
698 return State->BindExpr(CE, C.getLocationContext(), Val);
701 ProgramStateRef bindNullReturnValue(ProgramStateRef State,
703 return State->BindExpr(CE, C.getLocationContext(),
707 ProgramStateRef assumeBinOpNN(ProgramStateRef State,
710 auto Cond = SVB.evalBinOpNN(State, Op, LHS, RHS, SVB.getConditionType())
714 return State->assume(*Cond, true);
718 makeRetValAndAssumeDual(ProgramStateRef State, CheckerContext &C) {
720 State = State->BindExpr(CE, C.getLocationContext(), RetVal);
721 return C.getConstraintManager().assumeDual(State, RetVal);
807 ProgramStateRef State = N->getState();
808 // When bug type is resource leak, exploded node N may not have state info
810 if (!State->get<StreamMap>(StreamSym))
815 State = N->getState();
816 if (!State->get<StreamMap>(StreamSym))
825 static std::optional<int64_t> getKnownValue(ProgramStateRef State, SVal V) {
826 SValBuilder &SVB = State->getStateManager().getSValBuilder();
827 if (const llvm::APSInt *Int = SVB.getKnownValue(State, V))
836 escapeByStartIndexAndCount(ProgramStateRef State, const CallEvent &Call,
845 const ASTContext &Ctx = State->getStateManager().getContext();
846 SValBuilder &SVB = State->getStateManager().getSValBuilder();
860 return State->invalidateRegions(
866 static ProgramStateRef escapeArgs(ProgramStateRef State, CheckerContext &C,
871 State = State->invalidateRegions(EscapingVals, Call.getOriginExpr(),
875 return State;
904 ProgramStateRef State, DefinedSVal RetVal, CheckerContext &C) const {
905 auto assumeRetNE = [&C, RetVal](ProgramStateRef State,
908 return State;
912 SVal VarValue = State->getSVal(StoreMgr.getLValueVar(Var, LCtx));
914 SVB.evalBinOp(State, BO_NE, RetVal, VarValue, SVB.getConditionType())
916 return State->assume(NoAliasState, true);
919 assert(State);
920 State = assumeRetNE(State, StdinDecl);
921 State = assumeRetNE(State, StdoutDecl);
922 State = assumeRetNE(State, StderrDecl);
923 assert(State);
924 return State;
929 ProgramStateRef State = C.getState();
938 State = State->BindExpr(CE, C.getLocationContext(), RetVal);
940 // Bifurcate the state into two: one with a valid FILE* pointer, the other
944 C.getConstraintManager().assumeDual(State, RetVal);
961 ProgramStateRef State = C.getState();
962 State = ensureStreamNonNull(getStreamArg(Desc, Call),
963 Call.getArgExpr(Desc->StreamArgNo), C, State);
964 if (!State)
967 C.addTransition(State);
973 ProgramStateRef State = C.getState();
991 if (!State->get<StreamMap>(StreamSym))
994 // Generate state for non-failed case.
997 // but any close error is ignored. The state changes to (or remains) opened.
999 State->BindExpr(CE, C.getLocationContext(), *StreamVal);
1000 // Generate state for NULL return value.
1001 // Stream switches to OpenFailed state.
1003 State->BindExpr(CE, C.getLocationContext(),
1018 ProgramStateRef State = C.getState();
1020 if (!E.Init(Desc, Call, C, State))
1026 State = E.setStreamState(State, StreamState::getClosed(Desc));
1029 C.addTransition(E.bindReturnValue(State, C, 0));
1030 C.addTransition(E.bindReturnValue(State, C, *EofVal));
1035 ProgramStateRef State = C.getState();
1037 State = ensureStreamNonNull(StreamVal, Call.getArgExpr(Desc->StreamArgNo), C,
1038 State);
1039 if (!State)
1041 State = ensureStreamOpened(StreamVal, C, State);
1042 if (!State)
1044 State = ensureNoFilePositionIndeterminate(StreamVal, C, State);
1045 if (!State)
1049 if (Sym && State->get<StreamMap>(Sym)) {
1050 const StreamState *SS = State->get<StreamMap>(Sym);
1052 reportFEofWarning(Sym, C, State);
1054 C.addTransition(State);
1060 ProgramStateRef State = C.getState();
1062 State = ensureStreamNonNull(StreamVal, Call.getArgExpr(Desc->StreamArgNo), C,
1063 State);
1064 if (!State)
1066 State = ensureStreamOpened(StreamVal, C, State);
1067 if (!State)
1069 State = ensureNoFilePositionIndeterminate(StreamVal, C, State);
1070 if (!State)
1073 C.addTransition(State);
1108 tryToInvalidateFReadBufferByElements(ProgramStateRef State, CheckerContext &C,
1124 std::optional<int64_t> CountVal = getKnownValue(State, NMembVal);
1125 std::optional<int64_t> Size = getKnownValue(State, SizeVal);
1127 getKnownValue(State, StartElementIndex.value_or(UnknownVal()));
1141 return escapeByStartIndexAndCount(State, Call, C.blockCount(), Buffer,
1152 ProgramStateRef State = C.getState();
1154 if (!E.Init(Desc, Call, C, State))
1168 // the state of the stream remain unchanged.
1169 if (State->isNull(*SizeVal).isConstrainedTrue() ||
1170 State->isNull(*NMembVal).isConstrainedTrue()) {
1173 C.addTransition(E.bindReturnValue(State, C, 0));
1183 State, C, Call, *SizeVal, *NMembVal);
1184 State =
1185 InvalidatedState ? InvalidatedState : escapeArgs(State, C, Call, {0});
1188 // Generate a transition for the success state.
1189 // If we know the state to be FEOF at fread, do not add a success state.
1192 State->BindExpr(E.CE, C.getLocationContext(), *NMembVal);
1198 // Add transition for the failed state.
1205 State->BindExpr(E.CE, C.getLocationContext(), RetVal);
1227 ProgramStateRef State = C.getState();
1229 if (!E.Init(Desc, Call, C, State))
1235 State = escapeArgs(State, C, Call, {0});
1237 // Generate a transition for the success state of `fgetc`.
1240 State->BindExpr(E.CE, C.getLocationContext(), RetVal);
1252 // Generate a transition for the success state of `fgets`.
1258 State->BindExpr(E.CE, C.getLocationContext(), *GetBuf);
1265 // Add transition for the failed state.
1268 StateFailed = E.bindReturnValue(State, C, *EofVal);
1270 StateFailed = E.bindNullReturnValue(State, C);
1286 ProgramStateRef State = C.getState();
1288 if (!E.Init(Desc, Call, C, State))
1292 // Generate a transition for the success state of `fputc`.
1297 State->BindExpr(E.CE, C.getLocationContext(), *PutVal);
1302 // Generate a transition for the success state of `fputs`.
1305 State->BindExpr(E.CE, C.getLocationContext(), RetVal);
1318 // Add transition for the failed state. The resulting value of the file
1320 ProgramStateRef StateFailed = E.bindReturnValue(State, C, *EofVal);
1332 ProgramStateRef State = C.getState();
1334 if (!E.Init(Desc, Call, C, State))
1338 State = State->BindExpr(E.CE, C.getLocationContext(), RetVal);
1341 .evalBinOp(State, BO_GE, RetVal, E.SVB.makeZeroVal(E.ACtx.IntTy),
1347 std::tie(StateNotFailed, StateFailed) = State->assume(*Cond);
1356 // Add transition for the failed state. The resulting value of the file
1368 ProgramStateRef State = C.getState();
1370 if (!E.Init(Desc, Call, C, State))
1373 // Add the success state.
1384 State->BindExpr(E.CE, C.getLocationContext(), RetVal);
1402 // Add transition for the failed state.
1408 ProgramStateRef StateFailed = E.bindReturnValue(State, C, *EofVal);
1418 ProgramStateRef State = C.getState();
1420 if (!E.Init(Desc, Call, C, State))
1423 // Generate a transition for the success state.
1427 ProgramStateRef StateNotFailed = E.bindReturnValue(State, C, *PutVal);
1432 // Add transition for the failed state.
1433 // Failure of 'ungetc' does not result in feof or ferror state.
1435 // the same transition as the success state.
1436 // In this case only one state transition is added by the analyzer (the two
1438 ProgramStateRef StateFailed = E.bindReturnValue(State, C, *EofVal);
1446 ProgramStateRef State = C.getState();
1448 if (!E.Init(Desc, Call, C, State))
1460 State = escapeArgs(State, C, Call, {0, 1});
1462 // Add transition for the successful state.
1464 ProgramStateRef StateNotFailed = E.bindReturnValue(State, C, RetVal);
1469 auto NewLinePtr = getPointeeVal(Call.getArgSVal(0), State);
1477 auto NVal = getPointeeVal(SizePtrSval, State);
1488 // Add transition for the failed state.
1491 ProgramStateRef StateFailed = E.bindReturnValue(State, C, -1);
1497 if (auto NewLinePtr = getPointeeVal(Call.getArgSVal(0), State))
1505 ProgramStateRef State = C.getState();
1507 State = ensureStreamNonNull(StreamVal, Call.getArgExpr(Desc->StreamArgNo), C,
1508 State);
1509 if (!State)
1511 State = ensureStreamOpened(StreamVal, C, State);
1512 if (!State)
1514 State = ensureFseekWhenceCorrect(Call.getArgSVal(2), C, State);
1515 if (!State)
1518 C.addTransition(State);
1523 ProgramStateRef State = C.getState();
1525 if (!E.Init(Desc, Call, C, State))
1528 // Add success state.
1529 ProgramStateRef StateNotFailed = E.bindReturnValue(State, C, 0);
1530 // No failure: Reset the state to opened with no error.
1538 // Add failure state.
1544 ProgramStateRef StateFailed = E.bindReturnValue(State, C, -1);
1553 ProgramStateRef State = C.getState();
1555 if (!E.Init(Desc, Call, C, State))
1559 std::tie(StateFailed, StateNotFailed) = E.makeRetValAndAssumeDual(State, C);
1562 // This function does not affect the stream state.
1563 // Still we add success and failure state with the appropriate return value.
1564 // StdLibraryFunctionsChecker can change these states (set the 'errno' state).
1572 ProgramStateRef State = C.getState();
1574 if (!E.Init(Desc, Call, C, State))
1578 std::tie(StateFailed, StateNotFailed) = E.makeRetValAndAssumeDual(State, C);
1599 ProgramStateRef State = C.getState();
1601 if (!E.Init(Desc, Call, C, State))
1606 State->BindExpr(E.CE, C.getLocationContext(), RetVal);
1612 ProgramStateRef StateFailed = E.bindReturnValue(State, C, -1);
1614 // This function does not affect the stream state.
1615 // Still we add success and failure state with the appropriate return value.
1616 // StdLibraryFunctionsChecker can change these states (set the 'errno' state).
1623 ProgramStateRef State = C.getState();
1625 if (!E.Init(Desc, Call, C, State))
1628 State =
1629 E.setStreamState(State, StreamState::getOpened(Desc, ErrorNone, false));
1630 C.addTransition(State);
1635 ProgramStateRef State = C.getState();
1643 C.getConstraintManager().assumeDual(State, *Stream);
1650 ProgramStateRef State = C.getState();
1659 C.getConstraintManager().assumeDual(State, *Stream);
1663 State = StateNotNull;
1665 State = StateNull;
1672 ProgramStateRef StateFailed = bindInt(*EofVal, State, C, CE);
1673 ProgramStateRef StateNotFailed = bindInt(0, State, C, CE);
1687 // Skip if the input stream's state is unknown, open-failed or closed.
1689 const StreamState *SS = State->get<StreamMap>(StreamSym);
1714 ProgramStateRef State = C.getState();
1716 if (!E.Init(Desc, Call, C, State))
1720 State = E.setStreamState(
1721 State,
1723 C.addTransition(State);
1729 ProgramStateRef State = C.getState();
1731 if (!E.Init(Desc, Call, C, State))
1737 // From now on it is the only one error state.
1738 ProgramStateRef TrueState = bindAndAssumeTrue(State, C, E.CE);
1747 // New error state is everything before minus ErrorKind.
1748 ProgramStateRef FalseState = E.bindReturnValue(State, C, 0);
1767 ProgramStateRef State = C.getState();
1769 if (!E.Init(Desc, Call, C, State))
1773 State = State->BindExpr(E.CE, C.getLocationContext(), RetVal);
1774 State = E.assumeBinOpNN(State, BO_GE, RetVal, E.getZeroVal(Call));
1775 if (!State)
1778 C.addTransition(State);
1783 ProgramStateRef State = C.getState();
1785 State = ensureStreamNonNull(StreamVal, Call.getArgExpr(Desc->StreamArgNo), C,
1786 State);
1787 if (!State)
1789 State = ensureStreamOpened(StreamVal, C, State);
1790 if (!State)
1793 C.addTransition(State);
1800 ProgramStateRef State = C.getState();
1803 const StreamState *SS = State->get<StreamMap>(StreamSym);
1805 State = State->set<StreamMap>(
1808 C.addTransition(State);
1814 ProgramStateRef State) const {
1817 return State;
1822 std::tie(StateNotNull, StateNull) = CM.assumeDual(State, *Stream);
1880 ProgramStateRef State) const {
1883 return State;
1885 const StreamState *SS = State->get<StreamMap>(Sym);
1887 return State;
1900 return State;
1906 // But freopen can cause a state when stream pointer remains non-null but
1920 return State;
1924 SVal StreamVal, CheckerContext &C, ProgramStateRef State) const {
1932 return State;
1934 const StreamState *SS = State->get<StreamMap>(Sym);
1936 return State;
1943 // Continue analysis with the FEOF error state.
1945 ExplodedNode *N = C.generateNonFatalErrorNode(State);
1953 return State->set<StreamMap>(
1957 // Known or unknown error state without FEOF possible.
1959 if (ExplodedNode *N = C.generateErrorNode(State)) {
1969 return State;
1974 ProgramStateRef State) const {
1978 return State;
1982 return State;
1984 if (ExplodedNode *N = C.generateNonFatalErrorNode(State)) {
1993 return State;
1997 ProgramStateRef State) const {
1998 if (ExplodedNode *N = C.generateNonFatalErrorNode(State)) {
2001 "Read function called when stream is in EOF state. "
2008 C.addTransition(State);
2023 // if (rand()) // state split
2055 ProgramStateRef State = C.getState();
2059 const StreamMapTy &Map = State->get<StreamMap>();
2067 State = State->remove<StreamMap>(Sym);
2074 C.addTransition(State, N);
2078 ProgramStateRef State, const InvalidatedSymbols &Escaped,
2084 return State;
2092 // Remove symbol from state so the following stream calls on this symbol are
2094 State = State->remove<StreamMap>(Sym);
2096 return State;